/*
 * Copyright (c) 2018-2028 兰州安众信息科技有限公司 All Rights Reserved.
 * ProjectName: 甘肃九建OA系统
 */

package com.book.manager.oauth2;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

@Configuration
@EnableResourceServer
public class MyResourceServerConfigurerAdapter extends ResourceServerConfigurerAdapter {

	@Autowired
	private CustomAuthExceptionHandler customAuthExceptionHandler;

	@Override
	public void configure(ResourceServerSecurityConfigurer resources) {
		resources.stateless(false)
				.accessDeniedHandler(customAuthExceptionHandler)
				.authenticationEntryPoint(customAuthExceptionHandler);
	}
	@Autowired
	private MyFilterSecurityInterceptor myFilterSecurityInterceptor;
	@Override
	public void configure(HttpSecurity http) throws Exception {
//		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
//				.and().
//				authorizeRequests().anyRequest().authenticated();

		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
				.and().
		authorizeRequests()
			//	.antMatchers("/oauth/*","/login/loginByAccount","/**/checkAppUpdate","/**/*.apk","/**/sendSms",
			//	"/**/activeAccount","/**/downloadApp","/**/*.html","/**/pushListAlias").permitAll()
//				.antMatchers("/**/getUserDetailInfo","/**/getAllRoleMenu","/**/getSysMenuWithUuid","/**/getAllMenuWithAspectConstValue").permitAll()
//				.antMatchers("/**/*.jpg","/**/*.png","/**/*.jpeg","/**/*.pdf").permitAll()
				.antMatchers("/**/h2-console/**").permitAll()
				.antMatchers("/swagger-ui.html").permitAll()
				.antMatchers("/doc.html").permitAll()
				.antMatchers("/webjars/**").permitAll()
				.antMatchers("/v2/**").permitAll()
				.antMatchers("/swagger-resources/**").permitAll()
//				.antMatchers("/webjars/springfox-swagger-ui/**").permitAll()

		.antMatchers("/**/getBookDetailWithBookId").hasRole("ADMIN")
//				.antMatchers("/sys/sys-tuser/**").hasRole("ADMIN")
		.anyRequest()
		.authenticated();
		http.addFilterBefore(myFilterSecurityInterceptor, FilterSecurityInterceptor.class);

		// making H2 console working
		http.headers().frameOptions().disable();

    /*
    https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html#when-to-use-csrf-protection
    for non-browser APIs there is no need to use csrf protection
    */
//		http.csrf().disable();
//				http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
//				.and().authorizeRequests().anyRequest().permitAll();



	}

}
